The increased proliferation of hyper connectivity exposes industrial control system (ICS) endpoints to new cybersecurity threats. According to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), ICS attacks have increased substantially in the United States between 2010 and 2016 (ICS-CERT Year in Review 2016 report). While both external and internal threats are on the rise, internal security threats make up the majority of security threats in ICS environments.
In addition to disgruntled employees launching internal security attacks, an improperly configured industrial asset can lead to the same impact as a malicious attack. Therefore, ensuring all deployed IT and production-centric assets are properly configured and operating as intended at all times is critical. According to the Industrial Internet Consortium (IIC), the leading global industry association for Industrial Internet of Things (IIoT), the average life span of an industrial system is currently 19 years, meaning that security technologies must be compatible with legacy operational technology (OT) systems that may simply not be designed to support present-day security mechanisms. Ideally, security must be applied from the edge to the cloud and should span informational technology (IT) and OT networks and sub systems.
Security is essential for reliable operations of IoT. Whether malicious or accidental, malfunctioning IoT devices, such as connected cars and smart grid components, can pose a significant risk to consumers, businesses, and societies. Frost & Sullivan’s research indicates that more than 70% of organizations today believe security is a top consideration in IoT purchase decisions. These outfits expect security will emerge as the top consideration for more than 90% of customers by 2020. IoT devices typically have only as much processing capacity and memory as needed for their tasks. Therefore, IoT must be secured by using efficient technologies that are purposely built for the machine environment. Secure device onboarding and implementing owner-controlled security credentials on devices are the foundational requirements for IoT security.
Security costs are low compared to the potential devastation from a compromising event; however, IoT devices are being manufactured without the required components essential for IoT security, such as a way to generate keys on the device or without a mechanism to configure unique identifiers to devices. Device original equipment manufacturers (OEMs) must use components that have the necessary in-built security capabilities to ensure appropriate levels of device and data authentication and integrity.
This Frost & Sullivan insight describes the key requirements in the ICS security market and presents details on how leading security providers address these needs. Information is provided in the form of profiles, wherein Frost & Sullivan has interviewed each industry participant included in this profile. Frost & Sullivan’s independent analyst perspectives have been provided for each profiled companies as well.